Configuring XDCR with data encryption

A POST to /pools/default/remoteClusters creates the XDCR cluster reference from the source cluster to the destination cluster.
The secureType parameter can be:

none: The connection is not secured.

half: Only the password is encrypted.
If the destination cluster is running Couchbase Enterprise Server verion 5.5 or later, SCRAM-SHA is used, and no certificate is required.
If the destination cluster is running a pre-5.5 version of Couchbase Enterprise Server, TLS is used, and the root certificate of the destination cluster must be provided.
In both cases, the username and password of the destination cluster’s Full, Cluster, or XDCR Administrator must be provided.
If specified, the root certificate of the destination cluster is ignored if the destination cluster is running a pre-5.5 version of Couchbase Enterprise Edition.

full: Both password and data are encrypted.
TLS is used.
This requires either:

The username and password of the destination cluster’s Full, Cluster, or XDCR Administrator; plus the root certificate of the destination cluster.

The root certificate of the destination cluster; plus the client certificate and client private key of the local cluster.

HTTP method and URI

The following HTTP method and URI modifies the destination cluster reference.